Mobile Malvertising: Malware Targets Mobile Users

Malware Infects Mobile Users Via Mobile Ad Networks
Image credit: http://blog.escanav.com/
Malvertising attacks on PCs were the trending topic across the tech media last month. Now "malvertising" is the most common and effective malware-spreading strategy used by hackers.

Take a look at what Wikipedia says about "Malvertising":

"Malvertising involves injecting malicious or malware laden advertisements into legitimate online advertising networks and webpages. Online advertisements provide a solid platform for spreading malware because significant effort is put into them in order to attract users and sell or advertise the product. Because advertising content can be inserted into high-profile and reputable websites, malvertising provides malefactors an opportunity to "push" their attacks to web users who might not otherwise see the ads, due to firewalls, more safety precautions, or the like. Malvertising is attractive to attackers because they can be easily spread across a large number of legitimate websites without directly compromising those websites."

Now the malware targets mobile users through mobile ad firms. Since this malware can infect users of trusted apps through the ad networks those apps embed, most app users are in grave danger.

Cyber security firm Avast has identified mobile ad firms that spread malware posing as official Google Play apps. Avast found three mobile ad networks serving malicious ads through their publishers.

Those ad firms (Espabit.com in Spain, Playmob.es in London and MobileCashOut.com in Amsterdam) provide advertising kits that developers can embed in their mobile apps in order to monetize them through advertisements. If a user clicks on one of the ads delivered by one of these providers, he may be led to a malicious subdomain.

Espabit Spreads Malware


Malware analyst Filip Chytry said in a blog post: "The most visited Espabit subdomain, with more than 400,000 views during the last few months, leads app users to pornographic sites via the ads displayed in their apps. The site displays a download offer for nasty apps (no pun intended) that have malicious behavior."

Malicious app download from fake Google Play Store

"The above is just one example of the malicious links; there are many others hosted on the same server. The majority of the links lead to pornography or fake apps that all have one thing in common: They all steal money from innocent users," he added.

ATTACK SCENARIO


When a user clicks on one of the malicious ads, it redirects the user to a fake Google Play Store that offers a malicious app for download. Since Android does not allow users to install apps from untrusted sources, the sites offer manuals in different languages, including English, Spanish, German and French, explaining how to adjust Android's settings so that apps from untrusted sources can be installed.

Malware app download from fake Google Play Store

After installation, the app asks for a working Internet connection. Once the app is connected to the Internet, the user's device automatically starts sending premium SMS messages, each costing $0.25 and sent three times a week.

The amount stolen per week does not seem like much, but that may be deliberate. People may not notice that their phone bill is $3.00 higher than it was the month before, and if they do not realize that the app is stealing money from them and do not delete it, it can cost them $36.00 a year.


References: Wikipedia, Avast blog
